Privacy Policy

Last updated: April 24th, 2025

At QRSurge, protecting your privacy is core to how we build our product. This policy is our plain-language guide to:

  • What we collect — only the essentials to run QR codes, short links, and your account.
  • Why we collect it — so you can create, share, and track codes securely.
  • How you stay in control — easy settings to view, download, or delete your data at any time.

We've kept the legalese to a minimum and added tables and examples so everything is easy to understand. If anything still seems unclear, email us at [email protected] and you'll hear back from a real human.


1. Who we are

ThinkSource Software, LLC d/b/a QRSurge
7901 4th St N # 26674, St. Petersburg, FL 33702, USA

Controller – We decide how to use information about visitors, customers, and prospects.
Processor – We handle “scanner” data on behalf of our customers when someone scans one of their QR codes or visits a short link.

Contact us: [email protected] (general) | [email protected] (EU/UK matters)

2. What this policy covers

  • Our websites (qrsurge.com, app.qrsurge.com, qrsurge.to, qrs.so)
  • Any custom domains our customers connect
  • Mobile or web pages where a QRSurge link or QR code sends you
  • Emails or chats you have with us

3. The information we collect

What we collect | Examples | How we get it
Account details | Name, email, login profile, password hash | You or Google/Microsoft login
Billing info | Name, address, last-4 digits of card (stored by Stripe) | You / Stripe
Usage data | Pages you visit, clicks, device type, language, time zone | Automatic
Location (coarse) | Country, state, city, ZIP, rough latitude/longitude | Derived from IP
Files you upload | Logos, images, PDFs | You
Support messages | Emails, chat transcripts | You

We don't request or knowingly collect sensitive data (health, biometrics, children's data, etc.).

4. Why we use this information

Why | Legal reason (GDPR)
Run and secure our service | Contract
Process payments and invoices | Contract / Legal obligation
Fix bugs and improve features | Legitimate interest
Send account or security emails | Contract
Send product news or offers | Consent (opt-in) / Legitimate interest (B2B)
Show customers QR-code scan stats | Contract (processor duty)
Meet legal duties and stop fraud | Legal obligation / Legitimate interest

We never sell or share your info for targeted ads.

5. Aggregated stats

We sometimes turn data into anonymous stats—like total scans per country—to spot trends. Those stats can't identify you, and we won't try to reverse-engineer them.

6. Cookies and similar tech

Essential cookies

  • authjs.* – keeps you signed in
  • campaign_password – lets password-protected scan pages work

Preferences

  • organizationSlug, sidebar:width, tz, plus theme in localStorage

Payments

Stripe sets its own cookies during checkout.

You'll see a banner the first time you visit; you can change cookie settings any time. Full details are in our separate Cookie Notice below.

7. Links we don't control

Our site sometimes links to other websites (docs, blogs, etc.). We aren't responsible for their content or privacy practices. Please read their policies if you visit them.

8. Companies that help us run QRSurge

Partner | What they do | Where data goes
Fly.io | Hosts our dashboard | USA
Cloudflare | Edge hosting, DNS, anti-bot | Worldwide
Neon.tech | Stores our database | USA
Stripe | Handles payments | USA
Resend | Sends our emails | USA
Simple Analytics | Privacy-friendly site analytics | Netherlands
Sentry | Error monitoring | USA / EU

9. Moving data across borders

Our servers live in Virginia (USA). When EU/UK data comes to the US, we rely on the EU's Standard Contractual Clauses plus strong encryption and access controls. We may certify under the EU–US Data Privacy Framework in the future.

10. How long we keep information

Data | How long
Active accounts | Until you close the account
Deleted accounts | Wiped within 30 days
Payments & tax records | At least 7 years (required by law)
Scanner IP addresses | Anonymized right after we get the location
Logs & analytics | About 12 months, then aggregated or deleted
Back-ups | Overwritten on a rolling basis (usually within 90 days)

11. How we protect information

  • HTTPS everywhere (TLS 1.2/1.3)
  • Data encrypted at rest (AES-256)
  • Role-based access, least privilege
  • Optional two-factor auth for your account
  • Automated vulnerability scans and periodic pen-tests

We'll tell you and, where required, the authorities without undue delay if a data breach happens.

12. Your choices and rights

Depending on where you live, you can:

  • Get a copy of your info
  • Fix wrong info
  • Delete your account and data
  • Move info to another service
  • Object or limit how we use it
  • Withdraw consent at any time

Send requests to [email protected]. We answer within 72 hours (and within 30 days for EU/UK).

Do-Not-Track: Browsers' “DNT” signals aren't widely supported, so we don't respond to them. Use our cookie settings or email us instead.

13. Extra rights for U.S. state residents

California, Virginia, Colorado, Connecticut

You can know, access, correct, delete, or export personal info and opt out of sale/share, targeted ads, or certain profiling. Email [email protected]; we'll reply within 45 days (or 90 days if we need more time). If we deny your request, you can appeal by emailing us with “Appeal” in the subject line.

Shine-the-Light (CA)

Ask us once a year who we shared direct-marketing info with.

Nevada

Email us with “Nevada Do Not Sell Request” to opt out of future “sales” (as Nevada defines them).

14. Children

QRSurge is for adults 18+. If you think a minor gave us info, let us know and we'll delete it.

15. When we change this policy

If we make big changes, we'll post a notice in the app or email you at least 14 days before they take effect. We keep old versions for reference.

16. Accessibility

Need this policy in another format? Email [email protected] and we'll help.

17. Irrevocable public links

If you share a QR code or short link publicly, others can copy or cache it. Deleting the campaign won't remove every copy. To stop traffic, deactivate the code in your dashboard.


Cookie Notice

Last updated: April 24th, 2025

1. What are cookies?

Cookies are small text files stored on your device. We also use localStorage and similar tech for the same purposes.

2. How we use them

Category | Why | Examples
Strictly necessary | Authenticate users, protect against CSRF, maintain session state | authjs.callback-url, authjs.csrf-token, authjs.session-token (30 days), campaign_password (7 days)
Functional | Store UI and org preferences | organizationSlug (session), sidebar:width (7 days), tz (1 year), theme (localStorage)
Analytics | Understand feature usage (cookieless, no personal IDs) | Simple Analytics (no cookies)
Third-party payments | Enable secure checkout via Stripe | Stripe cookies such as __Secure-has_logged_in, __stripe_orig_props, _ga, stripe.csrf, etc.
Future advertising | We will request consent before adding marketing pixels | N/A

3. Managing your preferences

  • Use our banner's “Cookie Settings” to toggle non-essential cookies.
  • Clear cookies via your browser settings.
  • Opt out of Stripe cookies via their cookies policy.

4. Changes

If we introduce new cookies or change purposes, we'll update this notice and refresh your consent choice.

5. Contact

Questions about cookies? Email [email protected].


Using our services means you agree to this Privacy Policy and Cookie Notice. Check back for updates.
